It’s a Marketing Mess! Artificial Intelligence vs Machine Learning

There are many types of analytics that are used in the security world; some are defined by vendors, others by analysts. Let’s begin by using the Gartner analytics maturity curve as a model for the list, with the insertion of one additional term slotted in the middle of the curve: Behavioral Analytics.

Descriptive Analytics (Gartner): Descriptive Analytics is the examination of data or content, usually manually performed, to answer the question “What happened?” (or What is happening?), characterized by traditional business intelligence (BI) and visualizations such as pie charts, bar charts, line graphs, tables, or generated narratives.

Baikalov explains that Descriptive Analytics is the realm of a SIEM (Security Information and Event Management system) like ArcSight: “these systems gather and correlate all log data and report on known bad activities.”

Diagnostic Analytics (Gartner): Diagnostic Analytics is a form of advanced analytics which examines data or content to answer the question “Why did it happen?”, and is characterized by techniques such as drill-down, data discovery, data mining and correlations.

Here, Baikalov says that “diagnostic Analytics is where link analysis tools like Palantir thrive: given a suspect, or security incident, they can figure out potential impact or root cause based on known relationships; it's a forensic activity heavily dependent on human analysts. A next-gen SIEM like Splunk combines both sets of capabilities in one tool – Descriptive + Diagnostic.”

Baikalov explains that, “While not on the Gartner maturity curve, I would categorize Behavioral Analytics as the next evolutionary step up from Diagnostic Analytics. In addition to what bad we know about, has anything out of the ordinary happened and should we worry about it? Behavioral Analytics is looking for deviations from normal, be it temporal (has it happened before?) or environmental (has it happened to suspect's peers?).”

“Anomaly in the behavior of any asset, be it user, computer system, application, or network device, is a good indicator of malicious activity,” says Baikalov. “The indicator does not rely on a priori knowledge of what exactly is wrong or on established thresholds, and is capable of detecting zero-day, low-and-slow, and APT (Advanced Persistent Threat) attacks.” (reference)

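The temporal and peer-group comparisons described above, sketched as an added example (not from the article or any vendor product). The user names, read counts, and the median/MAD scoring with a 3.5 cut-off are assumptions chosen for illustration.

```python
from statistics import median

# Constructed sample data: daily file-server read counts per user; the last
# value in each list is "today". Users and numbers are invented for illustration.
READS = {
    "alice": [40, 42, 38, 41, 39, 43, 40, 44],
    "bob":   [35, 37, 36, 34, 38, 36, 35, 210],
    "carol": [41, 39, 40, 42, 38, 40, 41, 39],
    "dave":  [200, 205, 198, 202, 199, 204, 201, 203],
    "erin":  [43, 41, 42, 40, 44, 42, 41, 42],
    "frank": [36, 38, 37, 35, 39, 37, 36, 37],
}
THRESHOLD = 3.5  # common cut-off for the modified z-score; tune per data set


def modified_z(value, baseline):
    """Robust deviation of value from baseline using median and MAD."""
    med = median(baseline)
    mad = median(abs(x - med) for x in baseline)
    if mad == 0:  # flat baseline: any difference at all is a deviation
        return 0.0 if value == med else float("inf")
    return 0.6745 * (value - med) / mad


def deviations(reads=READS, threshold=THRESHOLD):
    """Return {user: set of baselines ('temporal', 'peer') today deviates from}."""
    today = {user: series[-1] for user, series in reads.items()}
    result = {}
    for user, series in reads.items():
        flags = set()
        # Temporal: has this user done this before?
        if abs(modified_z(today[user], series[:-1])) > threshold:
            flags.add("temporal")
        # Environmental: are this user's peers doing it today?
        peers_today = [v for u, v in today.items() if u != user]
        if abs(modified_z(today[user], peers_today)) > threshold:
            flags.add("peer")
        result[user] = flags
    return result


if __name__ == "__main__":
    for user, flags in deviations().items():
        print(f"{user:6} {sorted(flags) or 'normal'}")
```

Here bob deviates from both baselines, while dave is normal against his own history but far from his peers, which is the case a purely temporal baseline misses.
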
Prescriptive & Predictive Analytics (Gartner): Prescriptive Analytics is a form of advanced analytics which examines data or content to answer the question “What should be done?” or “What can we do to make _______ happen?”, and is characterized by techniques such as graph analysis, simulation, complex event processing, neural networks, recommendation engines, heuristics, and machine learning.

“Predictive capabilities are a must-have feature in active development,” says Baikalov. As the predictive capabilities improve and false positives decrease, Behavior Analytics will gain enough credibility to work in Prescriptive mode, driving automated response based on the analytics' results. See the UK's new "active cyber-defense" initiative.

Non-security example use case: A traditional AI called an expert system is often used in the context of medical diagnosis. By ingesting reams of medical knowledge, the system asks a series of questions that allow the system to diagnose a disease by narrowing down the possible outcomes. Expert systems are narrowly focused on a particular problem.

Scheferman explains that this earliest form of AI is designed to do basic things that humans can do with relative ease. The general premise is that the AI system must possess a large amount of raw knowledge and so, when a question is asked of the expert system, it is able to work through a series of rules until a satisfactory answer is provided. In cybersecurity, the most evolved example of such an expert system would likely be IBM’s Watson for Cyber Security, which is ingesting over 75,000 documented software vulnerabilities, 10,000 security research papers published each year and 60,000 security blogs per month. (reference)

Like its predecessors, however, Watson for Cyber Security requires a significant number of domain experts to provide its data — and measure how good a job it is doing. Watson is unable to learn on its own, and it can only answer questions derived from the knowledge it has absorbed. Expert systems can power very effective AI, however: Watson is often able to use pattern recognition, human interaction, NLP and data mining (of both structured and unstructured data) to predict an attacker’s next move. It’s impressive by any measure.

Now that we have examined some types of artificial intelligence, such as expert systems and analytics, you'll likely want to read the next article in this series: “Machine Learning: The More Intelligent Artificial Intelligence.” This is where software can grow beyond the constraints of human knowledge and actions – and it’s an area of great investment, and tremendous excitement. Once you read parts 1 and 2, you'll certainly want to read the third article in the series: “The Actual Benefits of Artificial Intelligence & Machine Learning.” Here, we will explore how to move beyond the hype and confusion in order to see the real benefits of artificial intelligence and machine learning.

Part 2 was published on Tuesday, November 22nd. Part 3 will be published on Tuesday, November 29th.
